Recommended Posts

HI Guys,

Using your latest STOPRansomware , need help with these :

Unidentified ID: hSGZAhPjkQfF7stvJC3swWpUKWH7UtDnqpZp94ko (.jpg )
Unidentified ID: hSGZAhPjkQfF7stvJC3swWpUKWH7UtDnqpZp94ko (.kiratos )
MAC: FA:28:19:EF:5D:89

any help will be highly appreciated

Thanks..

ps:  sorry for my bad english

Share this post


Link to post
Share on other sites

There's a batch file that you can use to get the MAC addresses quickly. If you'd like to try it, you can download the ZIP archive from the following link:
https://www.gt500.org/emsisoft/MAC_Address_Batch_File.zip

Simply download it, open it, and double-click the Get_MAC_Addresses file in the folder that appears. A black window will open and then close, and once that happens the batch file is done. You'll find a new file on your Desktop named MAC_Addresses which you can send to Demonslay335 so that he can try to figure out your decryption key.

Note that the quicker you can get him this information, the better your chances of being able to recover your files.

Share this post


Link to post
Share on other sites

need help for kiratos too.. 

here my mac and personal id 

MAC: 
D0:50:99:86:A6:4B

personal ID:
072Asdju732sdfAdhNmICd235UhnVWtKObZj9euyn8BtbejvDsafO34bq

thanks

Share this post


Link to post
Share on other sites

@Demonslay335 ! Just infected with .kiratos ransomware encryption virus. 
personal ID:
072Asdju732sdfAdhFGNZkCQSiUYfQgC8zNc4XAf
mac: 
50-E5-49-8F-F4-C1  

Share this post


Link to post
Share on other sites
8 hours ago, GT500 said:

There's a batch file that you can use to get the MAC addresses quickly. If you'd like to try it, you can download the ZIP archive from the following link:
https://www.gt500.org/emsisoft/MAC_Address_Batch_File.zip

Simply download it, open it, and double-click the Get_MAC_Addresses file in the folder that appears. A black window will open and then close, and once that happens the batch file is done. You'll find a new file on your Desktop named MAC_Addresses which you can send to Demonslay335 so that he can try to figure out your decryption key.

Note that the quicker you can get him this information, the better your chances of being able to recover your files.

Help me please! 

need help for kiratos too.. 

here my mac and personal id 

MAC: 
28:F1:0E:4B:9A:3C

personal ID:
072Asdju732sdfAdhZjqPRPyO34YFCjA18Kj9IsdseMEnOJrWNhuoEez4

Share this post


Link to post
Share on other sites
On ‎4‎/‎28‎/‎2019 at 10:31 AM, Demonslay335 said:

Please follow the instructions in the BleepingComputer support topic to give me all of the MAC addresses of the infected PC.

Connection Name Network Adapter Physical Address    Transport Name                                           
=============== =============== =================== ==========================================================
Ethernet        Realtek PCIe FE 74-E6-E2-30-D1-B7   Media disconnected                                       
Wi-Fi           Broadcom 802.11 10-08-B1-CC-67-5D   \Device\Tcpip_{6D930E6D-D860-403B-8393-6A40BA134970}     
Bluetooth Netwo Bluetooth Devic 10-08-B1-CC-67-5E   Media disconnected                                       
 

Share this post


Link to post
Share on other sites

I've been told that the time window for being able to figure out keys for .kiratos has ended, however I will go ahead and pass this on to the developer of STOPDecrypter so that he can archive it just in case he's able to figure out the decryption key at some point in the future.

  • Like 2

Share this post


Link to post
Share on other sites
1 hour ago, GT500 said:

I've been told that the time window for being able to figure out keys for .kiratos has ended, however I will go ahead and pass this on to the developer of STOPDecrypter so that he can archive it just in case he's able to figure out the decryption key at some point in the future.

Yes Sir,

Thanks for your kindness..

Hopefully I find a way out from this problem soon.

Best Regard,

Gurit Hamboro

 

Share this post


Link to post
Share on other sites

Please help me Sir Demonslay335,☹️

Here's my MAC ADD : A4:1F:72:52:08:44

ID number : 072Asdju732sdfAdhNfAjLViU2VDDBxEgZOOROjyvmprZ4ovJ6MrBfjDR

Thank you in advance Sir,

_readme.txt

Share this post


Link to post
Share on other sites
19 hours ago, SAIWU said:

Please help me Sir Demonslay335,☹️

Here's my MAC ADD : A4:1F:72:52:08:44

ID number : 072Asdju732sdfAdhNfAjLViU2VDDBxEgZOOROjyvmprZ4ovJ6MrBfjDR

Thank you in advance Sir,

_readme.txt 1.14 kB · 1 download

.kiratos? Or another variant of STOP/Djvu?

Share this post


Link to post
Share on other sites
20 hours ago, SAIWU said:

Kiratos Sir, 

OK. I've already sent your information to the creator of STOPDecrypter, and he'll archive it in case he is able to figure out your decryption key at some point in the future.

Share this post


Link to post
Share on other sites

Hey, i need help with decrypting my files .kiratos that was infected 

personal ID:
072Asdju732sdfAdhta0hOtzBPDV6XnIJ4P1ua40YEaqy9t5kQWJZdp7x

Mac Addresses

Intel(R) Centri 24-77-03-73-E0-48   \Device\Tcpip_{C3B7C206-55A8-49B3-AB26-E5638A95C004}

Share this post


Link to post
Share on other sites
On 5/5/2019 at 7:53 AM, ArifMaz said:

Hey, i need help with decrypting my files .kiratos that was infected 

personal ID:
072Asdju732sdfAdhta0hOtzBPDV6XnIJ4P1ua40YEaqy9t5kQWJZdp7x

Mac Addresses

Intel(R) Centri 24-77-03-73-E0-48   \Device\Tcpip_{C3B7C206-55A8-49B3-AB26-E5638A95C004}

I've forwarded your information to the creator of STOPDecrypter so that he can archive it in case he is able to figure out your decryption key at some point in the future.

Share this post


Link to post
Share on other sites

Hello there my files are encrypted with kiratos ! 

Connection Name Network Adapter Physical Address    Transport Name                                            
=============== =============== =================== ==========================================================
Local Area Conn Qualcomm Athero 08-62-66-4F-FD-08   \Device\Tcpip_{E3E745AA-927B-4A3E-9C2A-99C2650A7272}      
Local Area Conn Kaspersky Secur 00-FF-1F-FD-95-9F   Media disconnected   

Share this post


Link to post
Share on other sites
14 hours ago, Parthshah19 said:

Hello there my files are encrypted with kiratos ! 

We'll need the ID from one of the ransom notes as well. They should have a name like _readme (or something similar to this).

Share this post


Link to post
Share on other sites

haloo

my another pc already infectedby kiratos ransomware

 

here is details

 

----------------------------------------
STOPDecrypter v2.1.0.2
OS Microsoft Windows NT 6.2.9200.0, .NET Framework Version 4.0.30319.42000
----------------------------------------
 
No key for ID:tIedRopeskclmUIXU93bMjDlLFYBHv14rLhk0Ul1 (.kiratos )
Unidentified ID: tIedRopeskclmUIXU93bMjDlLFYBHv14rLhk0Ul1 (.kiratos )
MACs: 18:31:BF:6B:D4:B5
Decrypted 1 files, skipped 9
 
Your personal ID:
072Asdju732sdfAdhtIedRopeskclmUIXU93bMjDlLFYBHv14rLhk0Ul1
 
 
thank you boss..

Share this post


Link to post
Share on other sites
14 hours ago, sait said:
No key for ID:tIedRopeskclmUIXU93bMjDlLFYBHv14rLhk0Ul1 (.kiratos )
Unidentified ID: tIedRopeskclmUIXU93bMjDlLFYBHv14rLhk0Ul1 (.kiratos )
MACs: 18:31:BF:6B:D4:B5
Decrypted 1 files, skipped 9

I've forwarded your ID and MAC addresses to the creator of STOPDecrypter so that he can archive them in case he is able to figure out your decryption key at some point in the future.

Share this post


Link to post
Share on other sites
On 5/25/2019 at 7:59 AM, GT500 said:

I've forwarded your ID and MAC addresses to the creator of STOPDecrypter so that he can archive them in case he is able to figure out your decryption key at some point in the future.

ok.dont forget to tell me later

Share this post


Link to post
Share on other sites
19 minutes ago, sait said:

ok.dont forget to tell me later

If the creator of STOPDecrypter is able to figure out a decryption key for you, then he should contact you privately to let you know.

Share this post


Link to post
Share on other sites
38 minutes ago, GT500 said:

If the creator of STOPDecrypter is able to figure out a decryption key for you, then he should contact you privately to let you know.

Okay..thnk boss

Share this post


Link to post
Share on other sites
On 5/4/2019 at 7:06 AM, GT500 said:

OK. I've already sent your information to the creator of STOPDecrypter, and he'll archive it in case he is able to figure out your decryption key at some point in the future.

What should i do next Sir? Its almost a month but no reply yet. Tia

Share this post


Link to post
Share on other sites
On 6/2/2019 at 12:41 PM, SAIWU said:

What should i do next Sir? Its almost a month but no reply yet. Tia

Just give us a little more time. ;)

Share this post


Link to post
Share on other sites

Please help me with the  kiratos ransomware

 

[!] No keys were found for the following IDs:
[*] ID: DUAzgfiz8Ug4k3X4t6MN8G37npjIONdl9bHd172u (.kiratos )
Please archive these IDs and the following MAC addresses in case of future decryption:
[*] MACs: 00:1E:A6:76:DC:06, 00:1E:A6:76:DC:07, 00:25:22:35:C3:CE
This info has also been logged to STOPDecrypter-log.txt

Share this post


Link to post
Share on other sites
On 6/8/2019 at 12:22 PM, khan said:

Please help me with the  kiratos ransomware

[!] No keys were found for the following IDs:
[*] ID: DUAzgfiz8Ug4k3X4t6MN8G37npjIONdl9bHd172u (.kiratos )
Please archive these IDs and the following MAC addresses in case of future decryption:
[*] MACs: 00:1E:A6:76:DC:06, 00:1E:A6:76:DC:07, 00:25:22:35:C3:CE
This info has also been logged to STOPDecrypter-log.txt

I've forwarded your ID and MAC addresses to the creator of STOPDecrypter so that he can archive them in case he is able to figure out your decryption key at some point in the future.

Share this post


Link to post
Share on other sites
On 4/28/2019 at 7:31 PM, Demonslay335 said:

Please follow the instructions in the BleepingComputer support topic to give me all of the MAC addresses of the infected PC.

dear sir GT 500

my files were infected with .kiratos EXT, and below my mac address, is there any help ? 

and there is a sample of file 

thanks in advance

MAC_Addresses.txt 00f43dedbe88a8b4b433cdf289cc1ee1.aac.kiratos.zyaspgnf.kiratos

Share this post


Link to post
Share on other sites
On 6/16/2019 at 2:28 PM, yousef_elmalk said:

my files were infected with .kiratos EXT, and below my mac address, is there any help ? 

While STOPDecrypter probably won't be able to recover your files yet, it can still be used to get information that may be able to help the creator of STOPDecrypter figure out your decryption key. Here's a link to instructions on how to get this information with STOPDecrypter:
https://kb.gt500.org/stopdecrypter

 

While most ransomwares will automatically delete themselves after they finish encrypting files, some are now leaving behind components on computers they infect that will encrypt any new files saved and will encrypt any files you manage to decrypt. It's best to check and make sure that no such components have been left behind, so I recommend following the instructions at the link below to get us logs from FRST so that one of our experts can make sure there is nothing malicious still on your computer (please attach the log files FRST saves to a reply to this topic on the forums):
https://help.emsisoft.com/en/1738/how-do-i-run-a-scan-with-frst/

Note: If anything that appears suspicious is found in your logs, then your post will be moved into a new topic to facilitate better communication between you and whoever is assisting you. We'll also try to make sure that you are following the new topic so that you receive e-mail notifications when someone replies to it.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.